Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-20346

Crowd user management retrieves all users and groups when UI is brought up

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Duplicate
    • Affects Version/s: 3.17.0
    • Fix Version/s: None
    • Component/s: Crowd
    • Labels:

      Description

      Configure Nexus Repo 3.17.0 to use Atlassian Crowd authentication.  Then go to the "security–>users" screen, and switch the source drop down to "crowd".  This will trigger an query like this to crowd:

      2019-06-26 11:35:19,379-0500 DEBUG [qtp1396977020-400] admin org.apache.http.headers - http-outgoing-5 >> POST /rest/usermanagement/1/search?entity-type=user&start-index=0&max-results=2147483647&expand=user HTTP/1.1

      Note the value of "max-results".

      We then iterate over every single result, and get the user's details, and make a second query to get their crowd groups.

      In a large crowd server this can take a very, very long time. Against our own crowd server this was running for more than 15 minutes before I finally gave up and killed it.

      Expected:  We should not do any search by default, instead wait for a user to input a search term. And after inputing the search term we should limit the number of results that can be retrieved.

      Note that Nexus Repo 2 does not do a default search for crowd.

      This issue can make crowd unusable for customers that have very large crowd directories.

       

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              rseddon Rich Seddon
              Last Updated By:
              Peter Lynch Peter Lynch
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  tigCommentSecurity.panel-title